
Rather than being hopeful, why not start running 'uv' inside a sandbox?

Why does your Python package (CLI/web server/library) need full access to your full disk at the time of execution?



You're doing all of your software development inside containers, all the time?

That is very inconvenient.


> That is very inconvenient.

All executions (especially of random third-party code) inside the containers are not inconvenient at all for me.

In fact, I even open-sourced my setup - https://github.com/ashishb/amazing-sandbox


I'd argue it's not only not inconvenient, but also a great way of keeping your system clean of all the random system-wide dependencies you'll end up accumulating over the years.


Devcontainers are looking pretty gold right now…


Why? Just open your entire editor/whatever inside a limited namespace and that's it, no?


> Why? Just open your entire editor/whatever inside a limited namespace and that's it, no?

How will that prevent `npm run dev` or `uv run python` from accessing files outside your current directory?


Do you know what Linux namespaces are?


I do. It wasn't obvious that that's what you were referring to. If you use it regularly then that's great.



